CAPEC-307
Alerte pour un CAPEC
Stay informed of any changes for a specific CAPEC.
Descriptions CAPEC
An adversary scans for RPC services listing on a Unix/Linux host.
Informations CAPEC
Execution Flow
1) Experiment
An adversary sends RCP packets to target ports.
2) Experiment
An adversary uses the response from the target to determine which, if any, RPC service is running on that port. Responses will vary based on which RPC service is running.
Prerequisites
RPC scanning requires no special privileges when it is performed via a native system utility.Resources Required
The ability to craft custom RPC datagrams for use during network reconnaissance via native OS utilities or a port scanning tool. By tailoring the bytes injected one can scan for specific RPC-registered services. Depending upon the method used it may be necessary to sniff the network in order to see the response.Mitigations
Typically, an IDS/IPS system is very effective against this type of attack.Related Weaknesses
| Weakness Name | |
|---|---|
CWE-200 |
Exposure of Sensitive Information to an Unauthorized Actor The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. |
References
REF-33
Hacking Exposed: Network Security Secrets & SolutionsStuart McClure, Joel Scambray, George Kurtz.
REF-158
RFC768 - User Datagram ProtocolJ. Postel.
http://www.faqs.org/rfcs/rfc768.html
REF-34
Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security ScanningGordon "Fyodor" Lyon.
REF-130
The Art of Port ScanningGordon "Fyodor" Lyon.
http://phrack.org/issues/51/11.html
Submission
| Name | Organization | Date | Date release |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CAPEC Content Team | The MITRE Corporation | Updated Description, Description Summary, References, Related_Weaknesses, Resources_Required, Solutions_and_Mitigations | |
| CAPEC Content Team | The MITRE Corporation | Updated Execution_Flow | |
| CAPEC Content Team | The MITRE Corporation | Updated Description, Extended_Description |
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.